MUST Read This WSJ Article About Our Power Grid and How the Russians Hacked it With Phishing

Earlier this month, the Wall Street Journal reconstructed the worst known hack into the
USA’s power grid, revealing attacks on hundreds of small contractors.

The title is very apt: “America’s Electric Grid Has a Vulnerable Back
Door—and Russia Walked Through It”.

It’s so relevant because it describes a very effective supply-chain attack that
could happen to your own organization as well. The article focuses on the spear
phishing and watering hole attacks that compromised small contractors,
giving the attackers a foothold to hack further up the power grid chain.
Remember the Target hack?

The Wall Street Journal pieced together this account of how the attack unfolded
through documents, computer records and interviews with people at the affected
companies, current and former government officials and security-industry
investigators. Some experts believe two dozen or more utilities ultimately were
breached.

It’s a must-read because this is the No. 1 vulnerability that leads to the
dreaded data breach. I strongly recommend you sit down with your management
team and do the following exercise:

Identify the top 5 suppliers that would cause downtime or serious disruption of
your production if they were to get hacked or were off the air.

Find out if they only require once-a-year awareness training just to be compliant.

To keep their business as your supplier, require them to sign up with GDR Group,
and deliver you the evidence that their users have stepped through the 45-minute
module and get sent simulated phishing attacks once a month.

This excellent WSJ reporting demonstrates again that your own employees need to be
the strongest human firewall possible, and that your suppliers also need to be
part of that same defense-in-depth strategy.

Users, regardless of their role within the organization, need to be educated on scams like this in order to elevate their understanding of the need to be vigilant against external threats. Security Awareness Training educates users on the latest trends in phishing scams, malware, social engineering, and more in an effort to establish a security culture, reducing your organization’s risk of a successful cyberattack. Take the first step now and email info@gdrgroup.com to get started.